Apple to release Flashback removal software, working to take down botnet

Apple has now publicly acknowledged the Flashback trojan and says it's …

Apple plans to release software that will detect and remove Flashback malware infections on the Mac, the company announced Tuesday. In a knowledge base link published late in the day, Apple explained that it's aware of the infection—which takes advantage of a previously unpatched Java vulnerability—saying that the software was coming, but no specific release date was given.

In addition to the Flashback detection software, Apple said that it's "working with ISPs worldwide" to disable the botnet's command and control (C&C) servers. Kaspersky researcher Kurt Baumgartner told Forbes earlier on Tuesday that "Apple is taking appropriate action by working with the larger Internet security community to shut down the Flashfake [also known as Flashback] C2 domains," and Apple's latest efforts seem to coincide with Baumgartner's statement.

"Apple is developing software that will detect and remove the Flashback malware," Apple wrote. "In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network."

We have been covering the Mac Flashback trojan since 2011, but the malware recently picked up steam. Last week, Russian security firm Dr. Web reported that it had infected more than half a million Macs worldwide. (The aforelinked Forbes report claimed Apple tried to take down Dr. Web's sinkhole server for Flashback, but it seems most likely that this was an accidental inclusion in Apple's attempts to take down the botnet's C&Cs.)

There are already a couple ways to detect and remove a Flashback infection, but they involve some Terminal kung-fu that less experienced users might not feel comfortable with. Apple's solution will undoubtedly target mainstream users who have heard about Flashback and want to ensure their Macs remain malware-free.

Jacqui Cheng
Jacqui is an Editor at Large at Ars Technica, where she has spent the last eight years writing about Apple culture, gadgets, social networking, privacy, and more. Email: jacqui@arstechnica.com // Twitter: @eJacqui

The whole flashback thing should be looked at as a good thing. People have been lied to with the "don't get viruses" marketing BS for too long. This stuff being in the news media will get people on board with using an AV regardless of OS. It isn't like this will be the last, and they won't all be java based vectors either.

It's really insane to argue over whether Macs are susceptible to malware or not. What I've said for years is that there still hadn't been any widespread malware to successfully target Mac OS X and that it was safe for practical purposes, as compared to Windows. We FINALLY have the first successful widespread attack. It's unfortunate, but it was inevitable. Even with this, you're still pretty darned safe with a Mac. That's subject to change if and when more malware writers attack the platform.

Macs get fewer malware/virus problems for a couple reasons: smaller market share than Windows PCs, so virus/malware authors spend less time developing them for Mac, and Mac OS X is based on BSD, which has some security advantages over MS's stuff. Obviously OS X isn't invulnerable, and I wish Apple had never mentioned the "less viruses" thing in their marketing.

People on Ars generally know the above, but some people still roll out the tired "so Macs never get viruses huh? Neener neener, look at this!" line even though they know that was never REALLY the case.

what?

BSD has nothing to do with something being more secure... I would bet there are just as many vulnerabilities in OS X as in Windows that include code execution and privilege escalation... IF not more, due to the intense scrutiny MS gets... The big issue with Windows is you still have a CRAP TON of users on XP, an OS that came out at almost the same time as OS X 10.1 ...

Just saying systems running Windows 7 or Win2008 R2 or anything current are quite secure...

We FINALLY have the first successful widespread attack. It's unfortunate, but it was inevitable.

Syonyk wrote:

Well, one moderately widespread malware infection on OS X. I think this breaks the 12 year stretch with nothing significant.

Well, I'd argue this is at least the second widespread attack. (MacDefender being the other one. We can argue if earlier ones like Oompa.Loompa count)

However...

Quote:

Just a few hundred thousand more outbreaks and it'll catch up with Windows!

...this is the type of comment that poisons discussions. People say this without thought with no regard as to what that number even means or even where it came from. It's one of those received wisdom facts that are born out of the aether, where the source is lost to the myths of time. It's the type of line that should get a [citation needed] if it popped up on Wikipedia. There was not a "few hundred thousand outbreaks" on Windows. You only even get "a few hundred thousand" viruses if you count every single slight variation of every virus/malware that affected Windows since version 3.1, never mind that that spans three major OS architectures as though a Windows 3.1 or 95 virus would work on XP or Seven. Heck, by that accounting, MacDefender would be about 5 pieces of malware and Flashback would be two...

It's good that Apple is finally getting around to rolling out a fix. What's the general backstory behind them not accepting the Oracle update that would have fixed the problem? Anyone got a handy link or explanation?

Hopefully they'll take security more seriously and realize that outside help like this is an asset.

Take security more seriously? They have created an *entire operating system* where security holes like this one aren't possible, and almost every device they sell has this new system (iOS).

Apple's solution to security holes in third party browser plugins is to remove third party browser plugins altogether.

Short-minded thinking so I'll put this in perspective. Nothing is really "completely built from scratch"...NOTHING. You want to really be technical we might as well say "hey what the hell doesn't use a base variation of C+ or Unix".

And while it's true that the attack vector for Apples is currently smaller, you're also ignoring the retail aspect; it's a popular product that is increasing in sales, and with Apple's intention of tying their computers and mobile platforms into a unified eco-system you're also raising the risk that malware can migrate to more devices more effectively and easily. The sugar coating for malware is the additional observation that as more less technically savvy people migrate to an Apple and as its share increases, they'll be more likely to be targeted in the future.

Apple doesn't help itself either by NOT paying out money for security vulnerabilities like Google and Microsoft do, nor does it do a terrific job of saying "we have an issue" or recognizing "we could have an issue" and addressing it via an update/patch before it does become exploited. It's not like this exploit was a mystery either; they knew of its existence earlier.

I also don't have much confidence on how Apple has been handling malware outbreaks. Sure they are a small percentage overall but when they become big (relative to what Apple's norm is) and you're seeing an increase in frequency, are they going to continue the "keep consumers in the dark as long as possible" or become more proactive like Microsoft?

I've been banging on for ages that Apple as a company demonstrates a level of arrogance that will be its downfall. This shows up clearly in its handling of social responsibility, and now cracks are beginning to show in how it has handled user security, not only in these recent malware cases on OS X but also in the developer and corporate abuse of user data in the not-so-walled garden of iOS. Time and again they seek to isolate and punish people who provide well-informed, well-meant, open and constructive criticism. Pure hubris.